Phishing is an attempt to acquire personal or sensitive information, such as credit card details or passwords, by sending an email that appears to be from a legitimate company.
Many people are wise to the typical phishing email: it calls for immediate action, it asks for your password, it’s riddled with spelling and grammatical errors, and it comes from a person you don’t recognize.
These telltale signs make the standard phishing email fairly easy to block – in fact, 80% of email coming into our gateway is blocked.
Unfortunately, phishing is getting more and more sophisticated and, as a result, some of these emails do make it to our inboxes.
Here are a few things we’re doing to tackle this issue:
- We’re continually updating our spam filters.
- We’re blocking emails that appear to come from a Carleton email address but were not sent from one of our approved servers. Emails that come through our gateway from a non-approved server will get a high spam score and will most likely be flagged as spam.
- We’re looking at testing options for tagging emails as external and noting when an external message contains a URL. The purpose of this is to give you a heads-up that the email you’re receiving comes from a server external to Carleton and could be spam.
The last two activities will catch some of the more sophisticated phishing attempts and reduce the chances of an illegitimate email masquerading as a Carleton employee’s Exchange account.
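
The last two measures above, sketched as an added example (not Carleton's actual gateway configuration): a message whose From address claims the organisation's domain but arrives from an unapproved server gets a high spam score, and mail from outside is tagged, with an extra tag when it carries a URL. The domain `example.edu`, the approved range, the score value and the tag names are all assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values: placeholder domain, documentation-range addresses for the
# approved servers, and an arbitrary score. None of these come from the page.
ORG_DOMAIN = "example.edu"
APPROVED_SERVERS = [ipaddress.ip_network("192.0.2.0/28")]
SPOOF_SCORE = 10.0
URL_RE = re.compile(r"https?://", re.IGNORECASE)

# Constructed sample: claims an internal sender and contains a link.
SAMPLE_SPOOF = (
    'From: "IT Help" <helpdesk@example.edu>\n'
    "Subject: Password reset\n"
    "\n"
    "Verify your account at http://login.example.net/reset\n"
)


def evaluate(raw_message, client_ip):
    """Return (spam_score, tags) for a message delivered by client_ip.

    client_ip is the address of the connecting SMTP server as seen by the
    gateway, not a value read from the (forgeable) message headers.
    """
    msg = message_from_string(raw_message)
    _, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    ip = ipaddress.ip_address(client_ip)
    approved = any(ip in net for net in APPROVED_SERVERS)
    claims_internal = (from_domain == ORG_DOMAIN
                       or from_domain.endswith("." + ORG_DOMAIN))

    score, tags = 0.0, []
    if claims_internal and not approved:
        # Internal-looking sender, but not relayed by an approved server.
        score += SPOOF_SCORE
        tags.append("SPOOFED-INTERNAL")
    if not approved:
        tags.append("EXTERNAL")
        # Decode every body part so encoded bodies are inspected too.
        text = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                       for p in msg.walk() if not p.is_multipart())
        if URL_RE.search(text):
            tags.append("EXTERNAL-URL")
    return score, tags
```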
Here in ITS we will continue to fight the good fight against phishing emails, but your assistance would be extremely valuable in the fight! Don’t take the bait; if you receive an email that you’re not sure is legitimate, here’s what you can do:
- hover over the sender’s email to confirm the address matches the sender’s name; if they don’t match, delete the email
- hover over any links to see where they point to before clicking
- never reply to an email with your password or click on a link to provide your credentials
- forward the email along to firstname.lastname@example.org or contact the ITS Service Desk at email@example.com.
Remember, ITS will never ask you for your password!